SAFETY4SEA Cyber Masterclass

The SAFTY4SEA Cyber Masterclass successfully concluded on 16th of May at the Bookcastle of the National Library at Stavros Niarchos Foundation Cultural Center (SNFCC) attracting 240 delegates from a total of 125 organizations.

The event, organized by SAFETY4SEA, brought together global experts who focused on the recent and future cyber challenges that shipping faces amid digital transformation. The presentations, which were given in two sessions, provided a comprehensive review of current cyber threats and outlook for effective ‘cyber hygiene’, examining both the theoretical framework and lessons learned from response to cyber-attacks that have been recorded.

Welcome & Overview by the Event Facilitator

Apostolos Belokas, Managing Editor, SAFETY4SEA

Apostolos is a Maritime Safety, Quality & Environmental Expert, Consultant, Trainer and Project Manager with more than a 20-year background in shipping as Technical, Marine, Safety & Training Superintendent and Consultant. He entered the industry back in early 90’s as Engineering Superintendent with a leading ship manager operating a mixed fleet of bulk and oil/chemical tankers. He then shifted to regulatory compliance and QHSE as superintendent and later as a Consultant and Trainer. Apostolos has successfully completed a wide range of QHSE projects including 250+ management system projects (ISM/ISO 9001-14001-18001/TMSA/MLC), 500 vessel and office audits to various standards and he has trained more than 8,000 people in a wide variety of QHSE subjects. He has also presented and chaired to more than 40 conferences. He holds Mechanical Engineering Bachelor and Master’s specialising in Energy & Environment and Master’s Degree in Maritime Business and Business Administration (MBA), all of them awarded with distinction. Apostolos is the Managing Director of SQE MARINE, SQE ACADEMY and Managing Editor of SAFETY4SEA and GREEN4SEA.

Session # 1 –The Theoretical Framework

Max J. Bobys, VP Global Strategies, HudsonAnalytix

Mr. Bobys draws on 24 years of experience with technology startups, enterprise risk management, and new product development, spanning such disciplines as cybersecurity and integrated physical/electronic security systems in the maritime security space. As Vice President of Global Strategies for HudsonAnalytix, Inc., a global maritime risk management firm, he currently leads the company’s cyber risk management practice: HudsonAnalytix Cyber (“HA-Cyber”), which specializes in bringing to market best-in-class cyber risk management, assessment and cyber threat information sharing solutions tailored specifically to the global maritime industry. In this capacity, he led the design and is currently leading the delivery of HA-Cyber’s first-to-market, award-winning maritime cybersecurity assessment and management platform, HACyberLogix (www.hacyberlogix.com). In addition, he works closely with HudsonTrident, the company’s security arm, in supporting maritime clients with converged and evolving cyber-physical security requirements. Mr. Bobys previously served in a variety of executive positions at such companies as Civitas Strategy Group, providing specialized advisory support to companies in the Homeland Security, Defense and Intelligence markets; as well as BAE Systems, Stanley, and Ciber, among others.

Mr. Bobys has also successfully co-founded several companies offering innovative, first-to-market capabilities in the cybersecurity space. These include, among others, Axio, a niche advisory firm specializing in measuring enterprise cyber risk and the underwriting major cyber insurance instruments; Global Cyber Security, a provider of specialized cyber threat intelligence services; and Smart Security Group, a provider of security training and compliance management solutions for the global maritime security market. He has supported a wide range of clients, including various U.S. Federal, State and Local Government bodies, including all branches of the U.S. Department of Defense, NATO, and numerous allied governments in Europe, Latin America and the Caribbean. He has spoken widely on the subject of maritime cybersecurity throughout the Americas, Europe, Africa and Asia. He currently advises the Organization of American States’ Inter-American Committee on Ports on matters of maritime cyber risk management, is the co-founder and Vice-Chair of the Maritime Technology Society’s Maritime Cybersecurity and Infrastructure Committee, and serves on the Delaware Bay Area Maritime Security Committee’s Sub-Committee on Cybersecurity.

Colin is the Deputy Director of Loss Prevention at North P&I Club, one of the world’s leading mutual marine insurers providing P&I, FD&D, war risks and ancillary insurance. North’s highly regarded loss prevention team of skilled and experienced ex-mariners provides high quality information and real-time support to help North’s members improve their operational efficiency and effectiveness. Prior to joining North in 2006 Colin served at sea and worked in maritime education.

Nick Taylor, Consultant, Shoreline

After 38 years of engagement in the marine insurance sector, closing as the head of Marsh’s Global P & I Practice, Nick Taylor, now as an independent consultant to Shoreline, is introducing a new insurance product for the Marine Transport sector.

Having been involved in the creation of Shoreline 23 years ago, and having been influential in the formulation of the revision to the Athens Convention in 2006 and the subsequent provision of War Blue Cards by Shoreline, Nick has now dusted down his creativity to turn his focus onto the fast changing world of Cyber and Crime Insurance for ship owners, operators and other marine service providers.

The insurance market has adopted a tramline approach to these risks assigning certain elements to “Crime” and others to “Cyber”. In reality the two are enmeshed and the distinction between the two is increasingly blurred. Nick has been fashioning an integrated insurance product for Shoreline that, in collaboration with XL Catlin, will encompass all the elements of cover associated with the loosely used expression Cyber Crime.

As of October 2017 he is leading a research project at CH on maritime cyber securiry. Before joining Chatham House, Chronis was a Lieutenant Commander in the Hellenic Navy. He is also a Visiting Research Fellow at the Dartmouth Centre for Seapower and Strategy at Plymouth University.

He has over 15 years of professional experience as an operations, intelligence analysis and information security officer in NATO, EU and UN operations. His research interests include cybersecurity, defence studies, international and maritime security.

Chronis is a certified maritime security instructor by the MCA, UK. In the past he has taught widely on defence studies, maritime and international security at the Hellenic Airforce Academy and Hellenic Navy Training Command.

His academic publications include articles for Foreign Affairs, the Academy for Strategic Analyses, conference papers for ECPR, UACES and SLSA and comments for the New York Times, the Independent and the Wall Street Journal.

He holds a BSc in Naval Warfare from the Hellenic Naval Academy, an MA in International Relations and Global Security from Plymouth University and a PGCert in Defence Management and Leadership from the Hellenic Naval War College.

Session # 2 – The Practical Aspects

Demetres Armanes is currently a senior research engineer at the American Bureau of Shipping (ABS). He holds a Ph.D. in Intelligent Control and a B.Eng. in Electrical and Electronics Engineering from The University of Liverpool. He worked as a Chartered Engineer designing Marine Programmable Electronic Systems, prior joining ABS in 2010 as a Regional Account Manager for ABS Nautical Systems.

Cynthia Hudson, CEO, HudsonAnalytix

Cynthia A. Hudson is CEO and founder of HudsonAnalytix, Inc., a global maritime risk consultancy serving the maritime transportation sector, headquartered in the Philadelphia, US and internationally from Piraeus to Jakarta. In 1986, Ms. Hudson founded what became HudsonAnalytix to provide emergency response, maritime project management and maritime consulting services to maritime transportation interests; oil and energy, vessel owners/operators and insurers for more than 100 oil and hazardous material response incidents. Hudson led the firm into maritime security for ports and vessels providing port vulnerability security assessment work at hundreds of ports and facilities worldwide and in 2016 expanded HudsonAnalytix’s cyber operations to design and deliver cybersecurity and cyber risk management solutions to maritime clients and provide cybersecurity expertise to governmental agencies.

Well-known and highly regarded throughout the maritime transportation industry for her work and contributions in her field, Ms. Hudson was most recently honored by the Organization of American States (OAS) Inter-American Committee on Ports with the 2016 Maritime Award of the Americas: Outstanding Women in the Maritime and Port. Ms. Hudson serves on a number of Industry Boards, and is President of WIST A Delaware River & Bay Chapter and a Director of the North American Marine Environment Protection Association (NAMEPA).

Eftihia Benaki, IT Manager, Minerva Marine Inc

Eftihia is the IT Manager of Minerva Marine Inc. and has been with the company for 17 years. Her expertise lies in information systems, design of IT strategies and leading IT transformational projects. Previously she worked at E&Y, Intrasoft and the European Union, showing an intense interest in research & development, with active participation in European projects. She has a Bachelor in Computer Science from the Economic University of Athens and a Masters in Artificial Intelligence from the University of Edinburg.

The SAFTY4SEA Cyber Masterclass successfully concluded on 16th of May at the Bookcastle of the National Library at Stavros Niarchos Foundation Cultural Center (SNFCC) attracting 240 delegates from a total of 125 organizations.

The pace of overall technology development has been unprecedentedly fast in the past few years and more developments are looming in the forthcoming years to make the smart shipping concept a reality. However, the ‘smart era’ escalates cyber security risks; last year shipping industry reported the first significant cyber incidents which rang the bell for this new kind of threats. Certainly, with the sheer amount of data getting generated globally across the shipping industry, cyber security is one the major issues that needs to be addressed.

The event, organized by SAFETY4SEA, brought together global experts who focused on the recent and future cyber challenges that shipping faces amid digital transformation. The presentations, which were given in two sessions, provided a comprehensive review of current cyber threats and outlook for effective ‘cyber hygiene’, examining both the theoretical framework and lessons learned from response to cyber-attacks that have been recorded.

Session # 1 – The Theoretical Framework

Mr. Max J.Bobys, VP Global Strategies, HudsonAnalytix, gave a presentation with the aim to initially characterize the rapidly evolving cyber threat landscape and place it in maritime industry context. The IMO’s current cyber risk management framework was presented and reviewed, including the identification and overview of associated standards, models and frameworks that provide its core foundation. Mr. Bobys also referred to common questions and key insights into the challenges today’s shipping companies are faced with, and discussed about the forthcoming trends. Concluding his presentation, he highlighted that an assessment approach for initiating organizational cyber risk management and sustaining risk reduction activities that’s consistent with the IMO’s guidelines, is essential to any organization.

Mr. Colin Gillespie, Deputy Director (Loss Prevention), The North of England P&I Club, highlighted that the risk of cyber-attacks is ever present across all industries and sectors. The IMO has recognized the threat of cyberattacks in the marine industry and will require ship operators to consider cyber risk management as a part of their safety management system. Mr. Gillespie briefly presented both the H&M and the P&I position towards cyber risks and preparedness. Also he gave the owner’s picture towards cyber seaworthiness and suggested available useful tools that can help to create awareness over the issue such the ‘Be Cyber Aware At Sea’ initiative and CSO Alliance. Finally, Mr. Gillespie highlighted that there is need to keep up momentum and dialogue to counter cyber security threats.

Mr. Nick Taylor, Consultant, Shoreline, provided feedback on the topic of Cyber or IT Security from the insurer’s perspective, noting that shipowners are facing a number of calls to address them across all aspects of their operations. The pressure is not yet as severe as that imposed by the Oil Pollution Act 1990, where attitudes to preventing environmental pollution had materially to change, and successfully so. In response to evident client demand to address the situation, the insurance industry has been led by Shoreline into offering to indemnify the financial costs of the disruption caused by a CyberCrime attack in respect of the whole business, at sea or ashore.Mr. Taylor further said that the insurance will take its place in accepting the transfer of those risks that are either too costly to prevent or where the threat remains as yet unrecognised, as an integral part of a well-developed risk management programme.

Mr. Chronis Kapalidis, Academy Stavros Niarchos Foundation Fellow, International Security Department, Chatham House, focused on the EU GDPR, an important legislation for the data protection, effective from May 25th2018, which is undoubtedly a great challenge for cyber security that cannot be ignored. In this regard, Mr. Kapalidis shared five best practices in order organizations to successfully comply with the regulation and at the same time effectively safeguard and secure personal data amid possible cyber threats. Therefore, it is important all organizations to invest in cyber security; decide to take up cyber insurance; report breaches responsibly within 72 hours as per regulation; understand the risks and not leave it to the IT team only; and finally regularly review procedures and not be complacent.

Session # 2 –The Practical Aspects

Mr. Demetres Armanes, PhD, Senior Research Engineer, Engineering and Technology, Global Ships Systems Center, American Bureau of Shipping, argued that cybersecurity is a wide-ranging, cross-platform issue for which ABS brings together information technology (IT) and operational technologies (OT) in a unique approach. This approach moves clients from a traditional set of basic procedures covering corporate organization and governance to a digitally informed, detailed capability and task-assessment cycle. In particular, it aims to identify and address Operational Technology (OT) cyber-risk vulnerabilities for marine and offshore assets and fleets with a view to compile an industry standard with actionable tasks to improve cyber intelligence and security implementation.

Mrs.Cynthia Hudson, CEO, HudsonAnalytix, delivered a presentation of the practical approach a ship operator must undertake in order to address the important risk of cyber security. The methods provided put the ship operator in control of this critical risk element and enables him to assess his exposure; identify and measure his present level of cyber readiness; and give him the tools to implement a robust enterprise wide sustainable cyber maturity program which is continuously indicating and documenting progress and achievements in the protection of the assets of the company.

Mrs. Eftihia Benaki, IT Manager, Minerva Marine Inc, referred to the three principal risks an organization could face in an event of cyber breach: Business Operational Risk, Reputational Risk and Legal or Compliance Risk. When it comes to shipping, she said, the risk may affect Safety and Environment, which makes it even more serious. Although IT Teams have been working on security for years, shipping industry is lately being forced with regulations to include cyber risk in its safety management system. Mrs. Benaki further explained that Minerva Marine is working on three pillars to address cyber security. The first one is to raise awareness, on shore and onboard, either with formal training courses or by alternative means. The second one covers the procedural part, with the help of a risk assessment platform and vulnerability assessments and the third one is investing on new technology to protect information and operational assets.

Mr. Apostolos Belokas, Managing Editor, SAFETY4SEA, provided lessons learned from recent cyber incidents and addressed future challenges. Mr. Belokas started his presentation highlighting that according to a recent survey by Allianz, cyber-crime is considered one of the top five risks in shipping. Considering all incidents so far, from attacks recorded in the maritime industry (Saudi Aramco, IRISL, Maersk, Clarkson) until the recent data security breach of Facebook, we certainly need to better prepare for the unknown challenges ahead by applying lessons learned, he commented. However, non-reporting of this kind of incidents and not testing of cyber capabilities do not help in tackling the issue. Concluding his presentation, Mr. Belokas further noted that mindset seems to be the biggest obstacle towards cyber hygiene; overall the resistance to change is of human nature.

All sessions ended with a round table discussion in which the audience exchanged ideas with high level experts of international repute on technological developments. Finally, Apostolos Belokas as the Event Facilitator thanked the delegates for their participation and the speakers for their excellent presentations and also the organizing team of the event for their contribution towards forum objectives. Explore more about the event at https://events.safety4sea.com/safety4sea-cyber-masterclass/

Forum EvaluationWe would appreciate if you could take less than 3 minutes of your time to share your thoughts with us in way of:

Speaker’s quality

Overall event

Open feedback for future events

Participation in the survey will not only enable us to get your structured feedback but also to enhance the quality of the event and the overall delegate experience!The ONLINE evaluation form is available to complete anonymously online here

Event will be covered on the next SAFETY4SEA Log due to be issued in June 2018 !

The Stavros Niarchos Foundation Cultural Center is a complex in the bay of Phaliron in Athens which includes new facilities for the National Library of Greece and the National Opera, as well as the 210,000 m² Stavros Niarchos Park. It is fully accessible to general public and strives to ensure that everyone is welcome and has access to the programs and services offered.

The hill of the Park which is the biggest part of it, is also accessible by everyone. The touring towards the top of the hill is possible through the Park’s walks and the planted rooftops of the buildings, reaching 32 meters height.
The material of the walks’ ground layer (stabilized ceramic floor) and the incline of the Park which is 3-5%, allow all visitors to move around the Park easily, which is also accessible to parents with strollers and people with mobility limitations.

By Car

From Piraeus:

Keep driving on Mikras Asias Avenue which at the Peace and Friendship Stadium is renamed to New Posidonos Avenue towards Kallithea.

As soon as you get off the New Posidonos Avenue keep straight on the Old Posidonos Avenue towards Palaio Faliro and Turn left at Epameinonda Street.

Continue straight for two blocks and turn right at Peisistratou Street. Continue straight until the intersection of Peisistratou and Sachtouri Street, where the entrance of the SNFCC’s parking space is located.

Αt the junction with signage Piraeus/Glyfada at the end of Syggrou Avenue, follow the left side of Syggrou Avenue that leads to Piraeus and then turn right at the entrance of the SNFCC.

Drive on the roundabout and take the first exit. Continue straight following the signs where the entrance of the SNFCC’s parking space is located.

From Posidonos Avenue(Glyfada)– South Suburbs:

Follow Posidonos Avenue and at the point where the Avenue is divided with Syggrou Avenue keep left and follow the direction towards Piraeus.

Keep right and take the first exit, which leads to the roundabout of the SNFCC’s parking space.

By Bus or by Metro & Bus

Buses:
From the Center of Athens

Lines Β2, 550: These lines pass through the metro station Syggrou Fix where you can change means of transport. Getting off at the “Onasseio” stop on Syggrou Avenue southbound, head south in the direction of the sea, up to Evripidou Street (junction with Syggrou Avenue by-lane).

From Pireaus
Lines A1, B1, 130, 217, 860: Getting off at the “Tzitzifies” stop on Ethnarchou Makariou Avenue. Move on the avenue towards Glyfaga, then left onto Epaminontas Street and finally right onto Peisistratou Street.

From the “Τzitzifies ” stop, walk towards the Navarhou Votsi street and then turn right at Peististratou street. At Peisistratou and Sahtouri street you will find the entrance of the SNFCC through its parking.

By Trolley

Line 10 from Chalandri Square to the Epaminonda stop. Walk towards Peisistratou and Sahtouri street and you will find the entrance of the SNFCC through its parking.

Οn foot

The following entrances are open for entering the SNFCC:

• Evripidou & Doiranis (entrance for the SNFCC Visitors Center)

• Evripidou & Irakleous

• Evripidou & Dimosthenous (entrance for the Running Track)

• Peisitratou & Sachtouri (entrance for the Parking of the SNFCC)

• Esplanade Pedestrian Bridge

By bicycle

Bicycle parking spaces are available at the entrance of the parking of the SNFCC (Peisistratou and Sahtouri Street) as well as the Visitors Center (Eyrypidou and Doiranis). The parking of bicycles in these areas is under the responsibility of the owner / holder for any damages arising (theft, damage, etc.).